Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp1288622rwi; Thu, 27 Oct 2022 13:51:40 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6DiAgB4tLlY6YZXwhPVhpUBH5WBnx/HIsynSt4WxL8eeCKCTj1H6RuvdgFHQbLgc8klJLK X-Received: by 2002:a17:907:6288:b0:78d:ab30:c374 with SMTP id nd8-20020a170907628800b0078dab30c374mr44646966ejc.266.1666903900707; Thu, 27 Oct 2022 13:51:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666903900; cv=none; d=google.com; s=arc-20160816; b=oHlOUeTPd5n9A1lpdvDvxTOUKxHoSHw1zy2GpWQoYDr/F4EBg1KWCfzJNesr0AOwaP vHZ3ZV7SM3qWYM6RSlZYQ2qrEu2a9ngUGWBicBtNI5OJgZsfLyXVto+vqLp04hmZiTOd UMNZRP/oIW3S2WjxDtxVH0SYtMMS/bjUyj6P1+Vg+1g1k3y75SYqQh4ZYwt8oOZiCC85 hCNohYxm9zDaLY6/1IhPsplCV+l+hSnAGC7egv2KAPpWsNlup1+yizgpCCEGOl3ijQMI 4CB+SkhoEQ3WtcygdhZ1YGeUScwh6WeNpRUOhC585vuerwt4sCy9fSTIzCi0VPy85vCY c0mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=fPlBRtPqc4jzRch7GuGBGnWek2G+euBxO7Wx+7kBlaA=; b=cANTyhRHEM52ubhE+xemTT0s+oFuSummJF+4eVrdArlJFr0d4Ow2qWObcH7w14OotL Z2UG67jeyuPhYdz7Z0HCLYgCxTkESDblpIuiY99pNBZtSJpl7TJ0B1s4/TChTu60L6ji TAUbvxSKPwV7J5RZXOWdCWjq1TU8BpcASDjRtphtJbneZnUWnv2SuuLcpPDjjZODAlbo dWseMHeam/xL7jwtBiGMOvLg2vePQjT7C4LbWeMt4D8F6SRaxTjt16No4HL7OSIAASUj LiZNFsHXO1YCjHbEI2QHxdjm2YYajot9vJjcivvoGZJvqtX9knnW4kvEWcU+XySf00G4 kYag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=bVK6qkkm; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id js2-20020a17090797c200b007acf3aed468si2526359ejc.786.2022.10.27.13.51.16; Thu, 27 Oct 2022 13:51:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=bVK6qkkm; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236441AbiJ0Uuq (ORCPT + 99 others); Thu, 27 Oct 2022 16:50:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37384 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237151AbiJ0Usp (ORCPT ); Thu, 27 Oct 2022 16:48:45 -0400 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 748B563C1 for ; Thu, 27 Oct 2022 13:44:45 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id w14so4156882wru.8 for ; Thu, 27 Oct 2022 13:44:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fPlBRtPqc4jzRch7GuGBGnWek2G+euBxO7Wx+7kBlaA=; b=bVK6qkkmlZm2eCfia56EiPyJWBNvSCSN65vuXmZMwv60c1riUqwoyFm4oXCLyqdWEj HZJ2IyHeUII0+db20y55ElVHgVl+Me9JXeWiVips4MimCekYNrxcW5uwfADYtmFU170z kKgoH8tIctGOaKe05NevvYz028QTHVNviQLU0btxNJVmjM9Aw9trwGYLpctf+L3JBXkM o/9Rs0JCpJIhS9XPU4g7jeLUCdUPLEoF53RA3X+qS2sT4SD2VjiR3MRKoZ2KKJmORuil TgBfc1nWz8Ugk+G4Cr9K41yJ9ZLQzIROOdUUcxU7miwZVLrZ5zPnRmx8hui09mlg720C KuiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fPlBRtPqc4jzRch7GuGBGnWek2G+euBxO7Wx+7kBlaA=; b=Sz/wsYDOcWdf6ldinf79a0mzQNSg/s9yZXs1pzPeiLP3uwLpOPmXZWOnML3CHXs9ek pi+2yWuEzJoRJL963bh/tDSndAz0khZw7cfqL9VK0JHgsXyBJTUoy/7zGkiq4FnIZwiw LzcB7pm+dBX2aVhXzqvDgDC/aVrHxbh3LT2ZvA1t51mKvwwFgzuPHvZE+G0+u+SteMgL zyvT+McvdsyrBdeMxmJtnw1uTOEUW3Hebjla+3S5q30XQ6Q2zrm2qpTING8Ik26VAl1r vM/Jz4xGuP50OR7TRgbNhM6x1uu0vtvRh5w5i6GgIVLRxyrjzzrgw7dL7LAOaLbdRb7U Eotg== X-Gm-Message-State: ACrzQf0wMk4f0gCEr5AwI8q7jeZk/Y2xYn47mq/3Pe+LqJ0oh059f110 m8ow6GmU4Ybc5/7ZJIUq+lSN/Q== X-Received: by 2002:a5d:4b51:0:b0:236:88a2:267f with SMTP id w17-20020a5d4b51000000b0023688a2267fmr7863025wrs.461.1666903485174; Thu, 27 Oct 2022 13:44:45 -0700 (PDT) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id n3-20020a5d6b83000000b00236644228besm1968739wrx.40.2022.10.27.13.44.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Oct 2022 13:44:44 -0700 (PDT) From: Dmitry Safonov To: linux-kernel@vger.kernel.org, David Ahern , Eric Dumazet Cc: Dmitry Safonov , Andy Lutomirski , Ard Biesheuvel , Bob Gilligan , Dan Carpenter , "David S. Miller" , Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers , "Eric W. Biederman" , Francesco Ruggeri , Herbert Xu , Hideaki YOSHIFUJI , Ivan Delalande , Jakub Kicinski , Leonard Crestez , Paolo Abeni , Salam Noureddine , Shuah Khan , netdev@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH v3 33/36] selftests/nettest: Remove client_pw Date: Thu, 27 Oct 2022 21:43:44 +0100 Message-Id: <20221027204347.529913-34-dima@arista.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221027204347.529913-1-dima@arista.com> References: <20221027204347.529913-1-dima@arista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Use -X to set md5 password string and -M to set authentication method as TCP-MD5. Remove client_pw as not needed. This will allow to add an option to use TCP-AO as authentication method. Note, that use_md5 is a bit, rather than an enum member like `authentication_method` - this will allow to call nettest the way that it'll try to connect with both tcp-md5 and tcp-ao setsocketopt() [which shouldn't be allowed]. Signed-off-by: Dmitry Safonov --- tools/testing/selftests/net/fcnal-test.sh | 232 +++++++++++----------- tools/testing/selftests/net/nettest.c | 26 ++- 2 files changed, 128 insertions(+), 130 deletions(-) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 31c3b6ebd388..d4516c755858 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -843,9 +843,9 @@ ipv4_tcp_md5_novrf() # basic use case log_start - run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: Single address config" # client sends MD5, server not configured @@ -853,23 +853,23 @@ ipv4_tcp_md5_novrf() show_hint "Should timeout due to MD5 mismatch" run_cmd nettest -s & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: Server no config, client uses password" # wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -s -M ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: Client uses wrong password" # client from different address log_start show_hint "Should timeout due to MD5 mismatch" - run_cmd nettest -s -M ${MD5_PW} -m ${NSB_LO_IP} & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NSB_LO_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: Client address does not match address configured with password" # @@ -878,25 +878,25 @@ ipv4_tcp_md5_novrf() # client in prefix log_start - run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: Prefix config" # client in prefix, wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: Prefix config, client uses wrong password" # client outside of prefix log_start show_hint "Should timeout due to MD5 mismatch" - run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: Prefix config, client address not in configured prefix" } @@ -911,9 +911,9 @@ ipv4_tcp_md5() # basic use case log_start - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Single address config" # client sends MD5, server not configured @@ -921,23 +921,23 @@ ipv4_tcp_md5() show_hint "Should timeout since server does not have MD5 auth" run_cmd nettest -s -I ${VRF} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Server no config, client uses password" # wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Client uses wrong password" # client from different address log_start show_hint "Should timeout since server config differs from client" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_LO_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Client address does not match address configured with password" # @@ -946,25 +946,25 @@ ipv4_tcp_md5() # client in prefix log_start - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Prefix config" # client in prefix, wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password" # client outside of prefix log_start show_hint "Should timeout since client address is outside of prefix" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -c ${NSB_LO_IP} -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix" # @@ -972,74 +972,74 @@ ipv4_tcp_md5() # log_start - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" log_start - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsc nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" log_start show_hint "Should timeout since client in default VRF uses VRF password" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsc nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" log_start show_hint "Should timeout since client in VRF uses default VRF password" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NSB_IP} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" log_start - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF" log_start - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsc nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF" log_start show_hint "Should timeout since client in default VRF uses VRF password" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsc nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw" log_start show_hint "Should timeout since client in VRF uses default VRF password" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} & - run_cmd nettest -s -M ${MD5_WRONG_PW} -m ${NS_NET} & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} & + run_cmd nettest -s -M -X ${MD5_WRONG_PW} -m ${NS_NET} & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw" # # negative tests # log_start - run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP} + run_cmd nettest -s -I ${NSA_DEV} -M -X ${MD5_PW} -m ${NSB_IP} log_test $? 1 "MD5: VRF: Device must be a VRF - single address" log_start - run_cmd nettest -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET} + run_cmd nettest -s -I ${NSA_DEV} -M -X ${MD5_PW} -m ${NS_NET} log_test $? 1 "MD5: VRF: Device must be a VRF - prefix" test_ipv4_md5_vrf__vrf_server__no_bind_ifindex @@ -1050,16 +1050,16 @@ test_ipv4_md5_vrf__vrf_server__no_bind_ifindex() { log_start show_hint "Simulates applications using VRF without TCP_MD5SIG_FLAG_IFINDEX" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: VRF-bound server, unbound key accepts connection" log_start show_hint "Binding both the socket and the key is not required but it works" - run_cmd nettest -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex & + run_cmd nettest -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: VRF-bound server, bound key accepts connection" } @@ -1071,27 +1071,27 @@ test_ipv4_md5_vrf__global_server__bind_ifindex0() set_sysctl net.ipv4.tcp_l3mdev_accept=1 log_start - run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Global server, Key bound to ifindex=0 rejects VRF connection" log_start - run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NS_NET} --force-bind-key-ifindex & sleep 1 - run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsc nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Global server, key bound to ifindex=0 accepts non-VRF connection" log_start - run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex & sleep 1 - run_cmd_nsb nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsb nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts VRF connection" log_start - run_cmd nettest -s -M ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex & + run_cmd nettest -s -M -X ${MD5_PW} -m ${NS_NET} --no-bind-key-ifindex & sleep 1 - run_cmd_nsc nettest -r ${NSA_IP} -X ${MD5_PW} + run_cmd_nsc nettest -r ${NSA_IP} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Global server, key not bound to ifindex accepts non-VRF connection" # restore value @@ -2454,9 +2454,9 @@ ipv6_tcp_md5_novrf() # basic use case log_start - run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -M -X ${MD5_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 0 "MD5: Single address config" # client sends MD5, server not configured @@ -2464,23 +2464,23 @@ ipv6_tcp_md5_novrf() show_hint "Should timeout due to MD5 mismatch" run_cmd nettest -6 -s & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: Server no config, client uses password" # wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -M -X ${MD5_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: Client uses wrong password" # client from different address log_start show_hint "Should timeout due to MD5 mismatch" - run_cmd nettest -6 -s -M ${MD5_PW} -m ${NSB_LO_IP6} & + run_cmd nettest -6 -s -M -X ${MD5_PW} -m ${NSB_LO_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: Client address does not match address configured with password" # @@ -2489,25 +2489,25 @@ ipv6_tcp_md5_novrf() # client in prefix log_start - run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -M -X ${MD5_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 0 "MD5: Prefix config" # client in prefix, wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -M -X ${MD5_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: Prefix config, client uses wrong password" # client outside of prefix log_start show_hint "Should timeout due to MD5 mismatch" - run_cmd nettest -6 -s -M ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -M -X ${MD5_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: Prefix config, client address not in configured prefix" } @@ -2522,9 +2522,9 @@ ipv6_tcp_md5() # basic use case log_start - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Single address config" # client sends MD5, server not configured @@ -2532,23 +2532,23 @@ ipv6_tcp_md5() show_hint "Should timeout since server does not have MD5 auth" run_cmd nettest -6 -s -I ${VRF} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Server no config, client uses password" # wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Client uses wrong password" # client from different address log_start show_hint "Should timeout since server config differs from client" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_LO_IP6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_LO_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Client address does not match address configured with password" # @@ -2557,25 +2557,25 @@ ipv6_tcp_md5() # client in prefix log_start - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Prefix config" # client in prefix, wrong password log_start show_hint "Should timeout since client uses wrong password" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Prefix config, client uses wrong password" # client outside of prefix log_start show_hint "Should timeout since client address is outside of prefix" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -c ${NSB_LO_IP6} -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Prefix config, client address not in configured prefix" # @@ -2583,74 +2583,74 @@ ipv6_tcp_md5() # log_start - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF" log_start - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsc nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 0 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF" log_start show_hint "Should timeout since client in default VRF uses VRF password" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsc nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in default VRF with VRF pw" log_start show_hint "Should timeout since client in VRF uses default VRF password" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NSB_IP6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NSB_IP6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NSB_IP6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Single address config in default VRF and VRF, conn in VRF with default VRF pw" log_start - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF" log_start - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsc nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 0 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF" log_start show_hint "Should timeout since client in default VRF uses VRF password" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsc nettest -6 -r ${NSA_IP6} -X ${MD5_PW} + run_cmd_nsc nettest -6 -r ${NSA_IP6} -M -X ${MD5_PW} log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in default VRF with VRF pw" log_start show_hint "Should timeout since client in VRF uses default VRF password" - run_cmd nettest -6 -s -I ${VRF} -M ${MD5_PW} -m ${NS_NET6} & - run_cmd nettest -6 -s -M ${MD5_WRONG_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -I ${VRF} -M -X ${MD5_PW} -m ${NS_NET6} & + run_cmd nettest -6 -s -M -X ${MD5_WRONG_PW} -m ${NS_NET6} & sleep 1 - run_cmd_nsb nettest -6 -r ${NSA_IP6} -X ${MD5_WRONG_PW} + run_cmd_nsb nettest -6 -r ${NSA_IP6} -M -X ${MD5_WRONG_PW} log_test $? 2 "MD5: VRF: Prefix config in default VRF and VRF, conn in VRF with default VRF pw" # # negative tests # log_start - run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NSB_IP6} + run_cmd nettest -6 -s -I ${NSA_DEV} -M -X ${MD5_PW} -m ${NSB_IP6} log_test $? 1 "MD5: VRF: Device must be a VRF - single address" log_start - run_cmd nettest -6 -s -I ${NSA_DEV} -M ${MD5_PW} -m ${NS_NET6} + run_cmd nettest -6 -s -I ${NSA_DEV} -M -X ${MD5_PW} -m ${NS_NET6} log_test $? 1 "MD5: VRF: Device must be a VRF - prefix" } diff --git a/tools/testing/selftests/net/nettest.c b/tools/testing/selftests/net/nettest.c index 7900fa98eccb..b9e600899cf6 100644 --- a/tools/testing/selftests/net/nettest.c +++ b/tools/testing/selftests/net/nettest.c @@ -76,7 +76,8 @@ struct sock_args { has_grp:1, has_expected_laddr:1, has_expected_raddr:1, - bind_test_only:1; + bind_test_only:1, + use_md5:1; unsigned short port; @@ -95,7 +96,6 @@ struct sock_args { const char *serverns; const char *password; - const char *client_pw; /* prefix for MD5 password */ const char *md5_prefix_str; union { @@ -1546,7 +1546,7 @@ static int do_server(struct sock_args *args, int ipc_fd) return rc; } - if (args->password && tcp_md5_remote(lsd, args)) { + if (args->use_md5 && tcp_md5_remote(lsd, args)) { close(lsd); goto err_exit; } @@ -1670,7 +1670,7 @@ static int connectsock(void *addr, socklen_t alen, struct sock_args *args) if (args->type != SOCK_STREAM && !args->datagram_connect) goto out; - if (args->password && tcp_md5sig(sd, addr, alen, args)) + if (args->use_md5 && tcp_md5sig(sd, addr, alen, args)) goto err; if (args->bind_test_only) @@ -1751,8 +1751,6 @@ static int do_client(struct sock_args *args) break; } - args->password = args->client_pw; - if (args->has_grp) sd = msock_client(args); else @@ -1862,7 +1860,7 @@ static int ipc_parent(int cpid, int fd, struct sock_args *args) return client_status; } -#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:d:I:BN:O:SUCi6xL:0:1:2:3:Fbqf" +#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:MX:m:d:I:BN:O:SUCi6xL:0:1:2:3:Fbqf" #define OPT_FORCE_BIND_KEY_IFINDEX 1001 #define OPT_NO_BIND_KEY_IFINDEX 1002 @@ -1906,8 +1904,8 @@ static void print_usage(char *prog) " -L len send random message of given length\n" " -n num number of times to send message\n" "\n" - " -M password use MD5 sum protection\n" - " -X password MD5 password for client mode\n" + " -M use MD5 sum protection\n" + " -X password MD5 password\n" " -m prefix/len prefix and length to use for MD5 key\n" " --no-bind-key-ifindex: Force TCP_MD5SIG_FLAG_IFINDEX off\n" " --force-bind-key-ifindex: Force TCP_MD5SIG_FLAG_IFINDEX on\n" @@ -2019,7 +2017,7 @@ int main(int argc, char *argv[]) msg = random_msg(atoi(optarg)); break; case 'M': - args.password = optarg; + args.use_md5 = 1; break; case OPT_FORCE_BIND_KEY_IFINDEX: args.bind_key_ifindex = 1; @@ -2028,7 +2026,7 @@ int main(int argc, char *argv[]) args.bind_key_ifindex = -1; break; case 'X': - args.client_pw = optarg; + args.password = optarg; break; case 'm': args.md5_prefix_str = optarg; @@ -2092,14 +2090,14 @@ int main(int argc, char *argv[]) } } - if (args.password && - ((!args.has_remote_ip && !args.md5_prefix_str) || + if (args.password && (!args.use_md5 || + (!args.has_remote_ip && !args.md5_prefix_str) || args.type != SOCK_STREAM)) { log_error("MD5 passwords apply to TCP only and require a remote ip for the password\n"); return 1; } - if (args.md5_prefix_str && !args.password) { + if ((args.md5_prefix_str || args.use_md5) && !args.password) { log_error("Prefix range for MD5 protection specified without a password\n"); return 1; } -- 2.38.1